Trouble reseting OpenPGP card after admin PIN lockout

Paul R. Ramer free10pro at gmail.com
Wed Jan 22 10:59:37 CET 2014 

On 01/21/2014 03:23 AM, Peter Lebbing wrote:
> TL;DR: I think you might be helped by [4]. Do an "scd killscd" from
> gpg-connect-agent, install and start pcscd, install the Python module pyscard
> and run the script from [4]. By the way, if you have an OpenPGP v.1 card, you're
> screwed, they self-destruct on 3 wrong Admin PINs.

I followed your instructions and they worked.  Thank you very much.
Thanks for doing all of the testing and research.  I am sure that it
will be of good use for others as well if they encounter this problem.

> Note that an OpenPGP v1.1 card will self-destruct on 3 wrong admin PINs. If you
> have a v1.1 card, you're out of luck.
> 
> However, a v2.0 card can be quite a bitch as well. [...]

Uh, yes.  Well, this started out as testing to see if reseting the card
after exhausting the 3 tries on the Admin PIN would be straight forward.
 I guess the old saying, "Be careful what you wish for," would apply
here.  I knew that the v1.1 card would be fried in this case, so armed
with the knowledge that a v2.0 card could be reset I set out to test it.
 All the time I was thinking, "This should be easy." :-)

> Then at some point, my card stopped working. I would get "Incorrect value" if I
> remember, euh... correctly. I got a bit worried at this point, and decided to
> kill scdaemon and gpg-agent to start with a clean slate. gpg-agent however is
> started by my X session, and killing it only made it <defunct>. At this point I
> logged out, and lost my log of what I had done. Oops! There goes an exact and
> detailed transcript of how it went wrong. Aaarrrggh! Why didn't I set screen to
> log all to a file?!

Our brains always seem to know the best course of action after the
opportunity for it has passed. :-)

> At this point my card works again. A little while earlier in writing this mail,
> I thought "well that's the last time I experiment with resetting an OpenPGP card
> to help someone", but I suppose I'm good to go again :). I don't have to throw
> out my unused card after all.

I have been there before with other hardware and software problems.  But
despite every time that I determined that I was finished with "X"
software or hardware, I would later pick it up again and eventually
figure it out.

Cheers,

--Paul

--
PGP: 0x3DB6D884

More information about the Gnupg-users mailing list